code点火器 - 消费我自己的API和授权 [英] Code Igniter - Consuming my own API and authorisation
问题描述
我试图建立我HMVC codeigniter安装到API中心HMVC(是的,我知道!)
I am attempting to build my HMVC codeigniter install into an API centric HMVC (yeah I know!)
我ion_auth为此刻的授权系统。
I have ion_auth as the authorisation system at the moment.
我的方式有它设置为
MODELS
CONTROLLERS
- API CONTROLLER
- CONTROLLER
VIEWS
随着API控制器接受JSON EN codeD输入和发送JSON EN codeD输出。
With the API controller accepting JSON encoded inputs and sending JSON encoded outputs.
现在 - 这一切工作正常 - >我可以通过调用控制器/ API 访问API,可以通过它JSON和接收JSON回来
Now - it all works fine -> I can access the API by calling controller/api and can pass it JSON and receive JSON back.
然后我刚从中调用控制器/ API我的正常控制器
I then just call the controller/api from within my normal controller
我现在的问题带有授权。
My problem now comes with authorisation.
没有人可以访问,如果他们没有通过Ion_auth登录(因此它是安全的),但
Nobody can access the API if they aren't logged in through Ion_auth (so it is secure) BUT
我如何再暴露API?
我presume我需要下井 0验证的路线,但我在打结我试图让我的头周围怎么用Ø验证对于API,而不是通过时,我的控制器访问影响我的应用程序的性能。
I presume I need to go down the O Auth route but I have tied myself in a knot trying to get my head around how I can use O Auth for the API and not impact the performance of my application when accessed via my controller.
有向下不了解如何验证Ø全面工作(我可以实现它,了解手抖动等,但细节问题) - >如果我发现通过Ø验证验证用户(我指的是一些方法网站的用户没有一个API的用户),这如何通过携带到我的控制器 - 是存储在一个会话?我可以给我的控制器授权书? (我需要)
It is down to not understanding how O Auth works fully (I can implement it and understand the hand-shakes etc. but the nitty gritty) -> if I found some way of authenticating a user via O Auth (I mean a site user not an API user) how does this carry through to my controllers - is it stored in a session? Can I give my controllers Authorisations? (Do I need to)
或者 - 那里,我还没有听说过用离子验证这样做的方式
OR - is there a way of doing this with Ion Auth that I haven't heard about?
为了清楚
我想我自己的应用程序能够使用它自己的API,但不知道如何设置的authrosiation因此API可以由应用程序本身在当地消费,直接和(当用户使用网站)
I want my own application to be able to use it's own API, but do not know how to set up the authrosiation so the API can be consumed directly as well as locally by the application itself (when users are using the site)
帮助!
在此先感谢!
推荐答案
也许你可以卸下O权威性的API和刚刚创建访问键的表。当有人呼叫API他需要,在表中登记的键。否?
Maybe you can remove O auth for the API and just create a table of access key. When someone calls the API he needs a key that registered in the table. No ?
这篇关于code点火器 - 消费我自己的API和授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
